Information access is the dominant use case in today's Internet with more than 90% of Internet traffic being content distribution, mainly due to video streaming and file sharing. However, the Internet Protocol (IP) in today's Internet is host-centric and relies on point-to-point communication. Solving content distribution problems via IP's point-to-point model is complex and inefficient. Future internet architectures based on the information-centric networking (ICN) paradigm propose to address ongoing challenges in supporting modern Internet applications. These new architectures support the dissemination of named and signed data natively at the network layer. Named Data Networking (NDN) is one such architecture that has a growing community of interest. We are exploring the use of ICN-based technologies for an efficient next-generation Internet by researching associated protocols and measurements, contributing to the specification of related standards, and fostering adoption of NDN in a variety of application domains.
Today the Internet relies on content distribution network overlays and caching to deliver most of its traffic. It is not clear that this architecture can continue to scale to meet data projections of the next decade and beyond. Current research in information-centric networking proposes a new architecture for the Internet focused on secure large-scale data dissemination. The ICN architecture is a disruptive innovation that provides powerful communications capabilities to meet future networking needs: built-in security, in-network caching, native support for multicast delivery of content, etc.
Instead of IP addresses, packets have names and users request content by sending an Interest packet carrying the name of the desired content. This triggers the network to return information in a Data packet that can be cached in the network nodes to satisfy future requests for the same content. We are exploring how this paradigm addresses some of the key challenges in scalability, efficient resource utilization, and security faced by emerging applications in areas such as Internet of Things (IoT), edge computing, 5G/6G, and big data. Our objective is to help mature the emerging NDN technology and associated metrology, showcase proof of concepts in different use cases and application areas, and carry out evaluations (performance measurement with modeling/analysis) for increased confidence among technology adopters.
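The Interest/Data exchange and in-network caching described above, as an added example (not code from the NDN project or from NDN-DPDK): a toy forwarder answers a repeated Interest from its cache, and the consumer checks each Data packet by its signature rather than by where it came from. The class names, the name `/example/video/seg0`, and the use of HMAC-SHA256 with a shared demo key in place of a producer's public-key signature are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo key. HMAC-SHA256 stands in for the producer's public-key
# signature so the example needs only the standard library.
PRODUCER_KEY = b"constructed-demo-key"

@dataclass(frozen=True)
class Data:
    name: str
    content: bytes
    signature: bytes

def sign(name: str, content: bytes) -> bytes:
    # The signature binds the name to the content, not to a host or channel.
    msg = name.encode() + b"\x00" + content
    return hmac.new(PRODUCER_KEY, msg, hashlib.sha256).digest()

def verify(data: Data) -> bool:
    return hmac.compare_digest(data.signature, sign(data.name, data.content))

class Producer:
    def __init__(self, store):
        self.store, self.interests_seen = store, 0

    def on_interest(self, name):
        self.interests_seen += 1
        content = self.store[name]
        return Data(name, content, sign(name, content))

class Forwarder:
    """Toy forwarder: answers from its cache (Content Store), else asks upstream."""
    def __init__(self, upstream):
        self.upstream, self.content_store = upstream, {}

    def on_interest(self, name):
        if name not in self.content_store:           # cache miss: go upstream
            self.content_store[name] = self.upstream.on_interest(name)
        return self.content_store[name]              # cache hit from here on

def demo():
    name = "/example/video/seg0"                     # constructed name
    producer = Producer({name: b"segment-bytes"})
    router = Forwarder(producer)
    first, second = router.on_interest(name), router.on_interest(name)
    # A cache that alters content cannot produce a matching signature.
    router.content_store[name] = Data(name, b"tampered", second.signature)
    poisoned = router.on_interest(name)
    return producer.interests_seen, verify(first), verify(second), verify(poisoned)

if __name__ == "__main__":
    print(demo())
```

The producer sees one Interest for two requests, and the altered cache entry is rejected at the consumer because verification depends only on the name, content, and signature.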
Our ICN program, with emphasis on NDN, covers protocols and applications and leverages real-world experimentation for performance evaluations. Some of the outcomes of this program include:
A fundamental component in an NDN network is the forwarder (or router) that implements NDN's communication model. We developed NDN-DPDK, a high-performance NDN forwarder capable of achieving a throughput of over 100 Gbps while running on commodity x86 hardware. NDN-DPDK adopts several architectural optimizations ranging from better algorithms and data structures to reduced kernel and system call overhead, which was made possible by leveraging the fast user-space packet processing framework Data Plane Development Kit (DPDK). DPDK is available for many common 10/100 Gbps Ethernet adapters and provides a set of libraries to accelerate packet processing tasks, such as ring buffers, memory pools, and thread management. This enables our forwarder to receive and transmit packets directly from user space without going through the Linux kernel. Additionally, NDN-DPDK takes full advantage of the parallelism offered by modern multi-core CPUs.
The codebase for the developed forwarder was released to the community as a public repository. We made a presentation of our NDN-DPDK project at the ICN research group (ICNRG) in IRTF. Since its publication in 2019, NDN-DPDK has received positive feedback from the ICN community. Today, NDN-DPDK is being used as a core component in a high-performance NDN testbed for an NSF-funded project (N-DISE) on data-intensive science experiments, which was also demoed at the Supercomputing Conference to showcase efficient data distribution for the data-intensive science community.
Onboarding is the first step in the life of an Internet of Things (IoT) device. In an NDN home network, onboarding means 1) authenticating to a local controller, 2) provisioning network parameters, passwords, and other key material required to establish secure link-layer connectivity, and 3) obtaining a device certificate from the local trust anchor. The NDN project already defines a certificate management protocol (NDNCERT) that provides a solution for the third step. We propose a protocol extension that generalizes the "challenge" mechanism of NDNCERT to support a more elaborate authentication and provisioning procedure that involves a local controller as a third entity. The controller is in charge of verifying that the onboarding request is legitimate and comes from a device that is authorized to join the network. This step is based on the SPAKE2 key exchange protocol, with explicit key confirmation and with the addition of one or more out-of-band exchanges. We suggest a few examples of the latter that work even for IoT devices with minimal input/output capabilities. This work was documented in our paper "PION: Password-based IoT Onboarding Over Named Data Networking" at IEEE's International Conference on Communications, and the reference implementation was released as open source software.
We developed NDN-PTT (NDN Push-To-Talk), an experimental audio group-chat application for Android, to demonstrate the benefits that NDN can provide to the use case of push-to-talk communication, popular in the public safety community. Existing analog-based PTT solutions have the problem of simultaneous transmissions interfering with each other. A digital PTT solution can solve this shortcoming. We have developed this prototype using NDN because it simplifies system design, as NDN uses application semantics at the network layer, and the complexity of IP address management is removed, resulting in a more robust and resilient system. Moreover, NDN’s built-in data-centric security makes it easy to verify the integrity and authenticity of all received messages, hence providing a more secure out-of-the-box experience. NDN-PTT is our second iteration on the topic of push-to-talk for public safety use cases. It improves on an earlier prototype by allowing for real-time audio message transmission, thus greatly reducing communication latency.